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/ CLAIMS 

1 X. A method for authenticating an external module comprising the steps of: 

2 creating data K using two different schemes, at least one scheme being based 

3 on the integrity of the module to be verified; 

4 creating an authentication token for said module which produces K in both 

5 schemes; 

6 using K as created by one scheme to disrupt said module; and 

7 using K as created by the other scheme to restore the module. 

1 2. The method as defined in claim 1 , wherein one or more of the schemes is based 

: — c 

2 on RSA encryption. 
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i:^ 1 3. The method as defined in claim 1 , wherein one or more of the schemes is based 

! B R 2 on digital signets. 

: 3 1 4. The method as defined in claim 1 , further comprising the step of: 

Q 2 embedding a public component of one or more of the schemes in a verification 

S 3 code of the application. 

1 5. The method as defined in claim 1 , further comprising the step of: 

2 conveying private components of all schemes to a module authentication 

3 authority. 

1 6. The method as defined in claim 5, wherein the creating an authentication token 

2 step is automated by providing developers of the external module access to a Web site 

3 which allows them to submit the hash of their module and to retrieve the authentication 

4 token. 
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1 7. The method as defined in claim 1 , wherein the authentication token is embedded 

2 in the external module as long as the external module itself remains functional. 

1 8. The method as defined in claim 7, where the embedding is realized by adding an 

2 additional data section to a DLL in Portable Executable (PE) format. 

1 9. The method as defined in claim 1 , wherein the authentication token is external to 

2 the external module. 

1 10. The method as defined in claim 1, wherein said scheme depending on code 

2 integrity is independent of a location of the external module in memory. 

: 5 

rn 

( n 1 11. The method as defined in claim 10, wherein location independence is achieved 

;B 2 by locating and reading the external module's image on a disk. 

1 12. The method as defined in claim 10, wherein location independence is achieved 

Q 2 by using a canonical hash. 
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1 A method for secure authentication of external modules on an entity comprising 

2 the steps of: 

3 loading an external module into memory; and 

4 beginning a STOMPing process by decrypting a number of pseudo-random bytes 

5 that are part of an authentication token using a public security code of a public and 

6 private component pair security code. 

1 14. The method as defined in claim 1 3, wherein the public and private components of 

2 the security code comprise security codes selected from a group of security codes of: a 

3 signet pair and an RSA pair. 

1 15. The method as defined in claim 13, further comprising the step of: 

2 XORing the decrypted pseudo-random bytes with the external module making 

3 the external module unusable. 

1 16. The method as defined in claim 15, further comprising the step of: 

2 performing a signet extrication process to generate extrication data by using the 

3 hash of the external module to begin an UNSTOMPing process. 

1 17. The method as defined in claim 16, further comprising the step of: 

2 using the extrication data to generate another stream of pseudo-random bytes. 

1 18. The method as defined in claim 17, further comprising the step of: 

2 XORing the another stream of pseudo-random bytes with the unusable external 

3 module thereby making the unusable external module usable in the event there has 

4 been no illicit patching of the external module and maintaining the unusable external 

5 module unusable in the event that the external module has been illicitly patched such 

6 that an application or program that is accessing the module fails to operate. 
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1 19. The method as defined in claim 18, further comprising the step of: 

2 re-authenticating the external module by periodically performing the STOMP and 

3 UNSTOMPing process multiple times while interacting with the external module. 

1 20. The method as defined in claim 18, further comprising the step of: 

2 performing run time checks to make sure that function calls to the external module are 

3 not intercepted by an attacker. 
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A computer readable medium comprising instructions for secure authentication of 
external modules on an entity comprising the instructions of: 
loading an external module into memory; and 

beginning a STOMPing process by decrypting a number of pseudo-random bytes 
that are part of an authentication token using a public security code of a public and 
private component pair security code. 

22. The computer readable medium as defined in claim 21 wherein the public and 
private components of the security code comprise security codes selected from a group 
of security codes of: a signet pair and an RSA pair. 
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4 23. The computer readable medium as defined in claim 21 further comprising the 

5 instruction of: 

6 XORing the decrypted pseudo-random bytes with the external module making 

7 the external module unusable. 

1 24. The computer readable medium as defined in claim 23 further comprising the 

2 instruction of: 

3 performing a signet extrication process to generate extrication data by using the 

4 hash of the external module to begin an UNSTOMPing process. 

_ 1 25. The computer readable medium as defined in claim 24 further comprising the 

2 instruction of: 

m 

fh 3 using the extrication data to generate another stream of pseudo-random bytes. 

m 1 26. The computer readable medium as defined in claim 25 further comprising the 

I" 2 instruction of: 

• ; 2 3 XORing the another stream of pseudo-random bytes with the unusable external 

q 4 module thereby making the unusable external module usable in the event there has 

)t z 5 been no illicit patching of the external module and maintaining the unusable external 

□ 6 module unusable in the event that the external module has been illicitly patched such 

7 that an application or program that is accessing the module fails to operate. 

1 ^ A system for secure authentication of external modules on an entity comprising 

2 the units of: 

3 a loader unit for loading an external module into memory; and beginning a 

4 STOMPing process by 

5 a decryption unit for decrypting a number of pseudo-random bytes that are part 

6 of an authentication token using a public security code of a public and private 

7 component pair security code. 
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